Legal
Privacy Policy
Last updated: 2026-07-11
This policy explains what personal data Aperilux processes when you use the websiteaperilux.app and the Aperilux app, why, on what legal basis, and what rights you have. Controller: Peter Burgener, Derflibach 3, CH-3855 Schwanden bei Brienz, Switzerland. Contact: [email protected].
Summary
- We use no advertising trackers and no consent-cookies — that is why there is no cookie banner.
- Analytics are cookieless and aggregate; we cannot identify you from them.
- We only collect data you actively give us (e.g. your beta email) or that is technically necessary to serve and secure the site, and we keep it only as long as we need it.
Hosting & server logs (Cloudflare)
The site is served via Cloudflare Pages/CDN. Cloudflare processes connection data (including your IP address, user-agent, and requested URL) to deliver and secure the site. Legal basis: legitimate interest in providing a secure, performant website (Art. 6(1)(f) GDPR). Cloudflare acts as our processor. Server/security logs are retained for a short period and then deleted or aggregated.
Analytics
We use privacy-friendly, cookieless analytics (Plausible, EU-hosted) that measure aggregate usage — page views, referrers, country, device type — without cookies, cross-site identifiers, or profiling. No data is used to identify you. Legal basis: legitimate interest in understanding and improving the site (Art. 6(1)(f) GDPR).
Bot protection (Cloudflare Turnstile)
Forms (such as the beta signup) are protected by Cloudflare Turnstile to prevent spam and abuse. Turnstile runs only on those form pages, assesses the request, and is strictly necessary for the security of the service (Art. 6(1)(f) GDPR). Cloudflare acts as our processor.
Location for the "live sky" feature
To greet you with sun and sky times near you, the site derives an approximate countryfrom your IP address (via Cloudflare) and maps it to a representative city. This is processed transiently to render the page; it is not stored and is not used to profile you. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
If you tap "Use my exact location", your browser asks your permission and shares precise coordinates with your device only to compute local sky times in the browser — these coordinates are not sent to or stored by us. You can decline, and can revoke the permission in your browser at any time.
Beta program
If you sign up for the beta, we process the email address (and any optional name/device info) you provide, plus a record of your consent, solely to give you access to the test (e.g. TestFlight) and to send you beta-related messages. Legal basis: your consent (Art. 6(1)(a) GDPR). We store the minimum needed and delete your entry at the end of the beta program, or earlier if you withdraw via the unsubscribe link or by emailing us.
Newsletter
We do not currently operate a newsletter. If we introduce one, it will use double opt-in (confirmed subscription) and we will update this policy before launching it.
Community showcase
The "Planned with Aperilux" community showcase is in preparation and not yet live. When it launches, its first phase will accept photo submissions only from users located outside the EU/EEA; the public gallery will be viewable by everyone. If you submit a photo, we will process the image, the details you provide (title, optional location/gear, links), your contact email (never published), and a consent record (timestamp, IP, image hash, terms version). Approved images are published with credit; we strip embedded EXIF/GPS metadata on approval. Legal basis: your consent and the performance of the showcase terms (Art. 6(1)(a)/(b) GDPR). You can request removal of an image and your data at any time — see theshowcase terms.
Email delivery
Transactional emails (beta confirmations and similar notices) are sent viaZoho ZeptoMail (Zoho Corporation), acting as our processor, using an EU data centre, under a data processing agreement.
Recipients & international transfers
We share data only with the processors named above (hosting/CDN, analytics, email) to the extent needed to run the service. We prefer EU data-residency options; the EU/EEA provides an adequate level of protection under Swiss law, so those transfers need no additional safeguard. Where a processor is elsewhere, transfers rely on an appropriate safeguard (Standard Contractual Clauses and/or Data Privacy Framework participation).
Retention
We keep personal data only as long as needed for the purpose it was collected: server logs briefly; beta entries until the end of the beta program (or your earlier withdrawal); showcase submissions until you request removal or we retire the gallery. Consent records are kept as evidence of consent for as long as legally required.
Your rights
Under the GDPR (and the Swiss FADP where applicable) you have the right to access, rectify, erase, restrict, and port your data, and to object to processing based on legitimate interest. Where processing is based on consent, you may withdraw it at any time without affecting prior processing. To exercise any right, email [email protected]. You also have the right to lodge a complaint with a supervisory authority: in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC / EDÖB); and if you are in the EU, your national data protection authority.
Changes
We may update this policy; material changes will be reflected in the "last updated" date above.